Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man4/proc.4.man.txt
          +++ new/usr/src/man/man4/proc.4.man.txt
↓ open down ↓ 832 lines elided ↑ open up ↑
 833  833  
 834  834  
 835  835  
 836  836         which is followed by additional information about the process state
 837  837         pr_infosize bytes in size.
 838  838  
 839  839  
 840  840         The full size of the structure can be computed using
 841  841         PRIV_PRPRIV_SIZE(prpriv_t *).
 842  842  
      843 +   secflags
      844 +       This file contains the security-flags of the process.  It contains a
      845 +       description of the security flags associated with the process.
      846 +
      847 +         typedef struct prsecflags {
      848 +              uint32_t pr_version;          /* ABI Versioning of this structure */
      849 +              secflagset_t pr_effective;    /* Effective flags */
      850 +              secflagset_t pr_inherit; /* Inheritable flags */
      851 +              secflagset_t pr_lower;        /* Lower flags */
      852 +              secflagset_t pr_upper;        /* Upper flags */
      853 +         } prsecflags_t;
      854 +
      855 +
      856 +
      857 +       The pr_version field is a version number for the structure, currently
      858 +       PRSECFLAGS_VERSION_1.
      859 +
 843  860     sigact
 844  861         Contains an array of sigaction structures describing the current
 845  862         dispositions of all signals associated with the traced process (see
 846  863         sigaction(2)). Signal numbers are displaced by 1 from array indices, so
 847  864         that the action for signal number n appears in position n-1 of the
 848  865         array.
 849  866  
 850  867     auxv
 851  868         Contains the initial values of the process's aux vector in an array of
 852  869         auxv_t structures (see <sys/auxv.h>). The values are those that were
↓ open down ↓ 1327 lines elided ↑ open up ↑
2180 2197  SEE ALSO
2181 2198         ls(1), ps(1), chroot(1M), alarm(2), brk(2), chdir(2), chroot(2),
2182 2199         close(2), creat(2), dup(2), exec(2), fcntl(2), fork(2), fork1(2),
2183 2200         fstat(2), getdents(2), getustack(2), kill(2), lseek(2), mmap(2),
2184 2201         nice(2), open(2), poll(2), pread(2), ptrace(3C), pwrite(2), read(2),
2185 2202         readlink(2), readv(2), shmget(2), sigaction(2), sigaltstack(2),
2186 2203         vfork(2), write(2), writev(2), _stack_grow(3C), readdir(3C),
2187 2204         pthread_create(3C), pthread_join(3C), siginfo.h(3HEAD),
2188 2205         signal.h(3HEAD), thr_create(3C), thr_join(3C), types32.h(3HEAD),
2189 2206         ucontext.h(3HEAD), wait(3C), contract(4), core(4), process(4),
2190      -       lfcompile(5), privileges(5)
     2207 +       lfcompile(5), privileges(5), security-flags(5)
2191 2208  
2192 2209  DIAGNOSTICS
2193 2210         Errors that can occur in addition to the errors normally associated
2194 2211         with file system access:
2195 2212  
2196 2213         E2BIG
2197 2214                      Data to be returned in a read(2) of the page data file
2198 2215                      exceeds the size of the read buffer provided by the
2199 2216                      caller.
2200 2217  
↓ open down ↓ 112 lines elided ↑ open up ↑
2313 2330         version of /proc will be dropped in a future release, at which time the
2314 2331         top-level directory for a process will be made world-readable.
2315 2332  
2316 2333  
2317 2334         On SPARC based machines, the types gregset_t and fpregset_t defined in
2318 2335         <sys/regset.h> are similar to but not the same as the types prgregset_t
2319 2336         and prfpregset_t defined in <procfs.h>.
2320 2337  
2321 2338  
2322 2339  
2323      -                                March 31, 2013                         PROC(4)
     2340 +                                 June 6, 2016                          PROC(4)
    
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX